VYPR
Unrated severityNVD Advisory· Published Dec 31, 2007· Updated Jun 16, 2026

CVE-2007-6604

CVE-2007-6604

Description

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xcms/Xcms2 versions
    cpe:2.3:a:xcms:xcms:1.82:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xcms:xcms:1.82:*:*:*:*:*:*:*
    • (no CPE)range: <=1.82

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.